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Secret Documents Reveal N.S.A. Campaign Against Encryption 

Documents show that the N.S.A. has been waging a war against encryption using a battery of methods that include working 
with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international 
encryption standards it knows it can break. Related Article » 



Excerpt from 201 3 Intelligence Budget Request Bullrun Briefing Sheet 



This excerpt from the N.S.A.’s 2013 budget request outlines the ways in which the agency circumvents the encryption 
protection of everyday Internet communications. The Sigint Enabling Project involves industry relationships, clandestine 
changes to commercial software to weaken encryption, and lobbying for encryption standards it can crack. 
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(U) COMPUTER NETWORK OPERATIONS 
(U) SIGINT ENABLING 
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(U) Project Description 



(TS//SI//NF) The SIGINT Enabling Project actively engages Hie US aud foreign IT indiustriics to covertly 
influence And/or overtly leverage their commercial prcHluerf designs, These design changes make the systems 
in ■question exploitable through SIGINT collection (c.g.. Endpoint, MidPoint. etc . ) with foreknowledge of the 
modification. To the consumer arwJ other adversaries, however, the systems 1 security remains intact, In this 
way, the SIGINT Enabling approach uses commercial technology and Insight to manage the increasing cost and 
technical challenges of discovering and successfully exploiting systems of interest within the ever-morc integrated 
and security-focused global communications environment. 

(TS//SI//REL TO USA, RVEY) This Project supports i\ft Comprehensive National Cybersecurily 
Initiative (CNCI1 by investing in corporate parrner&bips and providing new access to intelligence sources, 
reducing collection and exploitation costs of existing sources', and enabling expanded network operation and 
intelligence cxploiladon to support network defense and cyber situational awareness This Project contains the 
SIGINT Enabling Sub- Project. 

(U) Base resources in this project are used to: 

* (T5//5J//REL TO USA, FVEY) Insert vulnerabilities into commercial encryption systems, IT systems, 
networks, and endpoint communications devices used by targets, 

* (TS//SI//REL TO USA h FVEY) Collect target network data and metadata via cooperative network enmeni 
and/or increased control over core networks. 

» (TS//S 1//REL TO USA, FV E Y) Lc vcrhgc commercial capab Hides to remote! y del I ver or rccci ve information 
to and from target endpoints. 

* (TS//S1//REI - TO USA, FVEY) Exploit foreign trusted computing platforms and technologies. 

* (J5//SI//REL TO USA, FVEY) Influence policies, standards and specification for commercial public key 
technologies, 

* (TS/ZSI/TREL TO USA, FVEY) Make specific and aggressive investments to facilitate the development of 
a robust exploitation capability against Next-Generation Wireless (NGW) communications, 

* (U//FOUQ) Maintain understanding of commercial business and technology trends. 

* (U//FQUO) Procure products for internal evaluation. 

* (U//FOUO) Partner with industry and/or government agencies in developing technologies of strategic 
interest to NS A/CSS. 
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The N.SA's Sigint Enabling Project is a $250 million- 
a-year program that works with Internet companies to 
weaken privacy by inserting back doors into encryption 
products. This excerpt from a 2013 budget proposal 
outlines some methods the agency uses to undermine 
encryption used by the public. 



The agency works with companies to insert back doors 
into the commercial products. These back doors allow the 
agency, and in theory only the agency, to gain access to 
scrambled information that it would not be able to view 
otherwise. 



Because the N.S.A. has long been considered the world's 
top authority on encryption, it has dual, sometimes 
competing, roles. One responsibility of the agency is to 
safeguard United States communications by promoting 
encryption standards, and the other is to break codes 
protecting foreign communications. Part of the Sigint 
Enabling Project's goal is to influence these standards — 
which are often used by American companies — and 
weaken them. 
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* (TS//SLVREL TO USA, FVEY) Support the SIGINT exploitation of NOW, a MIF/MP collective 
invesiment. This request reflecis only the NIP portion of the program Refer tu M1P NS A volume for details 
on MIP related activities, 

* (TS//SI//REL TO USA, FVEY) Provide for continued partnerships with major telecommunications carriers 
to shape the global network to benefit other collectlofl accesses and allow the continuation of partnering with 
commercial Managed Security Service Providers and threat researches, doing threat/vulnerability analysis. 

- (TS//SI//REL TO USA, FVEY) Continue relationships with comm ercial IT partners and capitalize on new 
opportunities, including die enabling of cryptography used by the | 

governments enable the encryption being used in a high interest satellite si gnu I, which allows access no the 
communications being carried on a commercial satellite provider. 

(U) There are no new activities in this Project for FY 2013. 

(U) The CCP expects ibis Project to accomplish the following in FY 2013: 

* (T5.VSJ//NF) Reach an initial operating capability for SIGINT access to data flowing through a commercial 
Arabic language/Middlc East-oriented anonymous internet service. [CCP^0GQO9J 

* (TS//SI//REL TO USA, FVEY) Reach full operating capability for SIGINT access to data flowing through 
a hub fora major commercial communications provider and assess Its long term benefits. 

* (TS//5I//REL TO USA, FVEY) Reach full operating capability for S JOINT access to a major Internet Pccr- 
i.o- Peer voice and text communications system, 

+ (TS//S1//REL TO USA, FVEY) Complete enabling for encryption chips used In Virtual 

Private Network and Web encryption devices, ICCP_00009] 

* (TS//S1//REL TO USA, FVEY) Make gains in enabling decryption and Computer Network Exploitation 
(CNE) access to fourth gcncrsition/Long Tenn Evolution (4G/LTE) networks via enabling. [CCP_O0GO9] 

* (TS//SI//REL TO USA, FVEY) Assess existing wireless calling metadata accesses and balance flow of this 
data into NS A/CSS with the ability to ingest and utilize this information. [CO_OOQ47J 

* (TS//SI//REI . TO USA, FVEY) Assess existing commercial cyber information flows and balance the flow 
of this data into N5A/C53 with rhe ability to ingest and analyze this information; to support cyber situational 
awareness. [CO 00047] 

* (TS//S1//NF) Shape the worldwide commercial cryptography marketplace to make it more tractable to 
advanced cryptanalytic capabilities being developed by NSA/CSS- [CCP_00D9O] 

(U) Changes From FY 2012 to FY 2013: 

(S// Nl 1 ’) SIGINT Enabling: *$20.4 million (-$20.4 Base), -2 civilian positions. The aggregate decrease is 
the result of: 

* (U) Increases: 

— (TS/-5WNF) $5,6 million reflects additional level of investment in enabling exploitation capabilities 
against NGW mobile and data networks. 

— fTS^SIZ/NF) $4.1 million enables additional support to Endpoint operations. Support to this mission 
area rcc[uire& SIGINT Enabling to invc&t in new infrastructure and capabilities with commercial 
partners, 

— (S//NF) $0.4 million in civilian pay and benefits. 



The agency defines capability as “the NSA/CSS ability to 
exploit a specific technology,” according to a 2010 
document outlining the Bullrun program. Here, the agency 
is claiming that it can gain access to the text and audio of 
an Internet chat service. It is unclear from the documents 
that The New York Times and ProPublica have access to 
which service this document refers to. 



Large Internet companies use dedicated hardware to 
scramble traffic before it is sent. In 2013, the agency 
planned to be able to decode traffic that was encoded by 
one of these two encryption chips, either by working with 
the manufacturers of the chips to insert back doors or by 
exploiting a security flaw in the chips' design. 
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— fSZ/TJF) $0.3' million due to revised economic assumptions, 

- (U) Decreases: 

— (T5//SI//NF) $20. & million of contractor reductions to fund priority Community investment^ which 
impacts the ability to sustain and expand act ivities directly supporting cyber informational needs. 

— (TS^/SV/NF) Decrease of $10.0 million in Support of deficit reduction efforts, which reduces 
effectiveness of accesses supporting intelligence collection and Endpoint operations. 

— (TS//SI//NF) Two civilian positions reduces development of strategic capabilities enabling 
cryptographic exploitation of target communications to advance NS A/CSS' missions. 
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